Security narrative draft — circulate with auditors before circulation.

Security

Assume agents are reckless. Design for containment.

Overall: agents amplify blast radius if auth and data boundaries are fuzzy. claws keeps chain-adjacent material at the edge, isolates workloads from data paths, and encrypts payloads before blobs touch shared relays—review with your own auditors before relying on marketing diagrams.

[Diagram: layered defenses]
Edge · signed intents · rate limits
Control plane · policy gates · conductor supervision
Workload · dedicated DB deployments · segregated blobs
Caption: defense-in-depth schematic · align with SOC2 storyline when audited

Wallet-native auth

MCP clients exchange scoped intents backed by ECDSA wallets. claws never stores long-lived user passwords: session material is cryptographic and TTL-bound, not a transferable bearer token that can be scraped from logs.
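Added example, not claws' own code: a minimal verifier for the scoped, TTL-bound signed intents described above, showing the checks that keep a captured intent from being replayed, widened or kept alive. The field names, audience string, 300-second TTL ceiling and P-256 curve are assumptions; the page specifies only ECDSA.

```javascript
// Added example: field names (sub, aud, scope, exp, nonce), the audience
// string, the TTL ceiling and the P-256 curve are illustrative assumptions.
const crypto = require('node:crypto');

const MAX_TTL_S = 300;        // refuse intents that stay valid longer than this
const seenNonces = new Map(); // nonce -> expiry (a shared store in a real deployment)

// Fixed field order so signer and verifier hash identical bytes.
function canonical(i) {
  return Buffer.from(JSON.stringify([i.sub, i.aud, i.scope, i.exp, i.nonce]));
}

function signIntent(intent, privateKey) {
  return crypto.sign('sha256', canonical(intent), privateKey);
}

// Returns 'ok' or the reason the intent was refused.
function verifyIntent(intent, sig, publicKey, wanted, now) {
  if (!crypto.verify('sha256', canonical(intent), publicKey, sig)) return 'bad-signature';
  if (intent.aud !== wanted.aud) return 'wrong-audience';
  if (!Number.isInteger(intent.exp) || intent.exp <= now) return 'expired';
  if (intent.exp - now > MAX_TTL_S) return 'ttl-too-long';
  if (!Array.isArray(intent.scope) || !intent.scope.includes(wanted.action)) return 'out-of-scope';
  for (const [n, exp] of seenNonces) if (exp <= now) seenNonces.delete(n); // purge expired
  if (seenNonces.has(intent.nonce)) return 'replayed';
  seenNonces.set(intent.nonce, intent.exp); // remember only until the intent expires
  return 'ok';
}

// Constructed sample: a throwaway key pair stands in for the wallet.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const NOW = 1700000000; // fixed clock (seconds) so the run is reproducible
const want = { aud: 'mcp.example.invalid', action: 'blob:read' };
const intent = { sub: 'wallet-demo', aud: want.aud, scope: ['blob:read'],
                 exp: NOW + 60, nonce: 'demo-nonce-1' };
const sig = signIntent(intent, privateKey);

console.log(verifyIntent(intent, sig, publicKey, want, NOW));      // first use
console.log(verifyIntent(intent, sig, publicKey, want, NOW + 1));  // same intent again
const widened = { ...intent, scope: ['blob:read', 'blob:write'] }; // edited after signing
console.log(verifyIntent(widened, sig, publicKey, want, NOW));
```

The replay check runs last so that a rejected intent never consumes a nonce, and the nonce cache only has to hold entries for as long as the TTL ceiling allows.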

Blob secrecy before Walrus

Client-side envelopes use per-bucket derivation so aggregators relay ciphertext only. Operational teams should still treat ciphertext as sensitive metadata when correlating tenancy.

Managed Postgres backups

Planned conductor-driven pg_dump snapshots are encrypted with rotating keys tied to tenant identity, persisted on Walrus, and restored onto fresh leases when infra churns. Reviewers should insist on verifying restore drills, not roadmap prose.

Hallway testing

claws runs pre-launch red teams focusing on MCP shadowing, rate bypass, egress fan-out from poisoned intents, and leakage across cells. Disclosure policy and contact rhythm are still being drafted; ping hello@claws.software.

openssl s_client -brief -connect mcp.claws.software:443